neconyd | 548e599ee8ece55a499a0b00cd1ab80f6c05311ec7c36fb335f0a5a2d38d1ea7

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 07:16

Target

159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe
Size

76KB
MD5

159fb10a93017079f3e125136ddb4800
SHA1

0103f08fb310df07359c345908137fae05a61f7f
SHA256

548e599ee8ece55a499a0b00cd1ab80f6c05311ec7c36fb335f0a5a2d38d1ea7
SHA512

d66f77fc4807238134b91afac62a2966b7b1d4745295be3c54b1e0e11dd30ae72655e31ff70d83020c29e461406560953f40ac6602d9132fcbe756edeee8420f
SSDEEP

768:3MEIvFGvZEr8LFK0ic46N47eSdYAHwmZGp6JXXlaa5uAW:3bIvYvZEyFKF6N4yS+AQmZTl/5O

Score

10^/10

neconyd trojan

Family

neconyd

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Neconyd
Neconyd is a trojan written in C++.
trojan neconyd
Executes dropped EXE 3 IoCs

Processes:

omsecor.exeomsecor.exeomsecor.exe

pid process

3320 omsecor.exe
1156 omsecor.exe
3416 omsecor.exe
Drops file in System32 directory 1 IoCs

Processes:

omsecor.exe

description ioc process

File created C:\Windows\SysWOW64\omsecor.exe omsecor.exe

description	ioc	process
File created	C:\Windows\SysWOW64\omsecor.exe	omsecor.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exeomsecor.exeomsecor.exe

description	pid	process	target process
PID 4896 wrote to memory of 3320	4896	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 4896 wrote to memory of 3320	4896	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 4896 wrote to memory of 3320	4896	159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe	omsecor.exe
PID 3320 wrote to memory of 1156	3320	omsecor.exe	omsecor.exe
PID 3320 wrote to memory of 1156	3320	omsecor.exe	omsecor.exe
PID 3320 wrote to memory of 1156	3320	omsecor.exe	omsecor.exe
PID 1156 wrote to memory of 3416	1156	omsecor.exe	omsecor.exe
PID 1156 wrote to memory of 3416	1156	omsecor.exe	omsecor.exe
PID 1156 wrote to memory of 3416	1156	omsecor.exe	omsecor.exe

C:\Users\Admin\AppData\Local\Temp\159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\159fb10a93017079f3e125136ddb4800_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4896

C:\Users\Admin\AppData\Roaming\omsecor.exe
C:\Users\Admin\AppData\Roaming\omsecor.exe
4⤵
- Executes dropped EXE
PID:3416

C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
ecaec24c912ef002036c86b0fd2e2859

SHA1
31f5caa6c4d437e53300e5ed49957a8437f6b9ec

SHA256
8b2a3decf94e6803a03edd75fffc5df9e23ff422292e24580e1e7b800892c5f9

SHA512
ce05b548a4aef3831da8d255dfe3aa51964f68e6bc54ccaecda3d0bc5c45f7f90f7f0b8158cf0b3dbc38545774d26c2974b34222a867ab446d2ec9722b739cdd

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe
Filesize
76KB

MD5
cf5068c2e6b29ed1a24f51c5ea72ab44

SHA1
86aa0aee05997f929426fc402ff0c26f2e998896

SHA256
a5fb5c4ff84002f52da7998caeb1f479d2219e79261302dae75bc6441c617f21

SHA512
00130d1136746b5a45ce5c7c8d945b64ada1ec5b539137bc550b8d2886de419195afc3cfb5d8623dfa2eb2b932d24041b26e110f2eb06e2f9f2e4e828c49d839

Download Submit
C:\Windows\SysWOW64\omsecor.exe
Filesize
76KB

MD5
4b8ced504bc21b63fcbf79a10480d96a

SHA1
67da22a08c839c85be3c07c1a32fa93f3e190bc1

SHA256
748e438597ccc7a9138bbf957d0d02a949475fb932379070ba2a1d9066b5b8a9

SHA512
5e0b16956d2d3604dee34332639ad8f485551a63276341babda7a8a78e1d0ea369521b7af900823e85b17b208fcce1bc983cb632633d33c7ca0596489f64be8a

Download Submit